Problem downloading Malwarebytes and running Internet Explorer


I first noticed my computer was having problems when I couldn't open Internet Explorer (the browser would open and remain blank for a few seconds and then close).  I am still able to use Google Chrome.  When I went to download the malwarebytes free software, I encountered errors saying there was some sort of Class Registry error and then giving me a couple of Run-time errors.  DDS and Attach logs are copied and pasted.  Thank you in advance for any help.

Blake

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16635
Run by blakeandjen at 23:20:24 on 2013-07-16
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4010.2116 [GMT -4:00]

  • Root Admin

Hello and welcome!

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode to your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
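Added example (not code from the forum, RogueKiller or Malwarebytes): a small Python triage script that reads the two report formats requested in steps 02 and 03 above, pulls out the "-> FOUND" entries from a RogueKiller report and the "Files Detected" entries from an MBAR mbar-log.txt, and ranks them with a simple heuristic (a script host started from a user-writable folder, the wscript.exe //B silent flag, the Malwarebytes family prefix). The line regexes and the severity rules are my assumptions written against the report lines posted later in this thread; the sample input is an excerpt copied from those reports, not a full log.

```python
"""Triage helper for RogueKiller and Malwarebytes Anti-Rootkit (MBAR) report lines.

Added example for this thread (not code from RogueKiller, Malwarebytes or the forum).
The regexes below are written against the line shapes visible in the reports posted
in this thread; other tool versions may format lines differently (assumption).
"""
import re
from dataclasses import dataclass, field

# Script interpreters whose appearance in a persistence entry deserves a closer look.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe")
# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")
# Malwarebytes family prefixes treated as high severity (assumption: a simple triage heuristic).
HIGH_FAMILIES = ("trojan", "rootkit", "backdoor")

# RogueKiller: "[V2][ROGUE ST] 4772 : wscript.exe - C:\...\launchie.vbs //B -> FOUND"
RK_LINE = re.compile(r"^(?P<tags>(?:\[[^\]]+\])+)\s*(?P<body>.+?)\s*->\s*FOUND\s*$")
# MBAR: "c:\...\file.exe (Adware.DomaIQ) -> Delete on reboot."
MBAR_LINE = re.compile(
    r"^(?P<path>[a-z]:\\.+?)\s+\((?P<family>[^)]+)\)\s*->\s*(?P<action>.+?)\.?\s*$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    source: str        # "roguekiller" or "mbar"
    category: str      # RogueKiller tag (e.g. "ROGUE ST") or MBAR family (e.g. "Adware.DomaIQ")
    detail: str        # command line, registry value or file path as reported
    severity: str      # "high", "medium" or "low"
    reasons: list = field(default_factory=list)


def _why_suspicious(detail: str) -> list:
    """Return human-readable reasons a persistence entry or file path looks risky."""
    low = detail.lower()
    reasons = []
    if any(host in low for host in SCRIPT_HOSTS):
        reasons.append("launches a script host")
    if any(d in low for d in USER_WRITABLE):
        reasons.append("target lives in a user-writable directory")
    if "//b" in low:
        reasons.append("WSH batch mode (//B) suppresses script errors and prompts")
    return reasons


def parse_roguekiller(lines):
    """Extract '-> FOUND' entries from a RogueKiller report and rate them."""
    findings = []
    for line in lines:
        m = RK_LINE.match(line.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group("tags"))
        category, body = tags[-1], m.group("body")
        reasons = _why_suspicious(body)
        if category == "ROGUE ST":   # scheduled task: a persistence mechanism
            severity = "high" if len(reasons) >= 2 else "medium"
        else:                        # e.g. HJ DESK values: often a user setting, verify before acting
            severity = "low"
        findings.append(Finding("roguekiller", category, body, severity, reasons))
    return findings


def parse_mbar(lines):
    """Extract detected files from an MBAR mbar-log.txt and rate them by family prefix."""
    findings = []
    for line in lines:
        m = MBAR_LINE.match(line.strip())
        if not m:
            continue
        family = m.group("family")
        prefix = family.split(".", 1)[0].lower()
        severity = "high" if prefix in HIGH_FAMILIES else "medium"
        reasons = _why_suspicious(m.group("path")) + [f"action: {m.group('action')}"]
        findings.append(Finding("mbar", family, m.group("path"), severity, reasons))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    return {sev: sum(1 for f in findings if f.severity == sev) for sev in ("high", "medium", "low")}


# Sample lines copied from the reports posted later in this thread (excerpt, not the full logs).
SAMPLE_ROGUEKILLER = r"""
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][ROGUE ST] 4772 : wscript.exe - C:\Users\BLAKEA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND
"""

SAMPLE_MBAR = r"""
Files Detected: 2
c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\google-sketchup_V.157926468a.exe (Adware.DomaIQ) -> Delete on reboot.
c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\google-sketchup_keyword=google sketchup&source=48956-2001.exe (Adware.DomaIQ) -> Delete on reboot.
Physical Sectors Detected: 0
"""

if __name__ == "__main__":
    all_findings = parse_roguekiller(SAMPLE_ROGUEKILLER.splitlines()) + parse_mbar(SAMPLE_MBAR.splitlines())
    order = ("high", "medium", "low")
    for f in sorted(all_findings, key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.source}/{f.category}: {f.detail}")
        for r in f.reasons:
            print(f"          - {r}")
    print("summary:", summarize(all_findings))
```

Run it as a script to see the ranked list. On the excerpt from this thread the scheduled task that runs wscript.exe on a .vbs in the user's Temp folder lands at the top (script host, user-writable path and the //B flag all fire), the two DomaIQ files rank medium, and the two NewStartPanel values rank low because such registry values are frequently a user preference and should be verified rather than assumed malicious.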

Hi and thank you for your help.  I was able to do most of what you asked, but I could not get the Junkware Removal Tool to download and run.  Also, I can't seem to get the "Choose File" attachment feature working, and so I've copied and pasted all of the text files instead of attaching them.  If there is a way for me to send you the .txt files other than attaching them, please let me know.  Also, because all of the copy and pasting made my reply too long, I've copied and pasted the 2 Farbar Recovery Scan Tool logs to my next reply instead of pasting them below.

 

I also encountered some error messages during some of the steps, which I've outlined below:

 

#1: ERUNT:  This worked, but I got the following message during the download process:

CoCreateInstance failed; code 0x80040154

 

#2: RogueKiller:  Worked fine - log copied and pasted below

 

#3: Malwarebytes Anti-Rootkit:  This eventually worked, but I got the following message when I first tried to run the program:

C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip

Class not registered

 

This "Class not registered" message is a common message I have been receiving lately when I try to download things.  I did a search for the mbar.exe file and was able to find it on my computer, and so I was eventually able to get this to work.  2 threats were found on the first scan, which I cleaned up, and then I ran a second scan, which was clean.  2 logs copied and pasted below.

 

#4: Junkware Removal Tool:  I could not get this to work.  I got a message "Non 7-Zip archive" after my first download.  When I tried to run the .exe, a black DOS box would open and quickly shut, and nothing happened.  I tried to download the file 3 times but got the same vanishing DOS box each time.

 

#5:  AdwCleaner:  Worked fine - log copied and pasted below

 

#6:  ESET Online Scanner:  Had to download an extra .exe file to get this to run in Google Chrome because my Internet Explorer is not working for some reason.  30 threats were found, but when I tried to click on the link to export them to a text file, the link did not work.  I therefore re-typed the list on the attached ESET Results.txt file.  All 30 of the threats were identified as "variant of ___ application," with the 2 exceptions noted in brackets on the ESET Results.txt file (one trojan, one "multiple threats")

 

#7:  Farbar Recovery Scan Tool:  Worked fine - FRST.txt and Addition.txt are copied and pasted in my next reply

 

----------------------

#2: Rogue Killer:  RK Report.Txt:


RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : blakeandjen [Admin rights]

Mode : Scan -- Date : 07/17/2013 07:38:30

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][ROGUE ST] 4772 : wscript.exe - C:\Users\BLAKEA~1\AppData\Local\Temp\launchie.vbs //B -> FOUND

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: WDC WD6400BPVT-75HXZT3 +++++

--- User ---

[MBR] 766f35feb751050c1141c93f447de2a9

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 590375 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_07172013_073830.txt >>

 

-------------------------------------

#3: Malwarebytes Anti-Rootkit

mbar-log.txt:


Malwarebytes Anti-Rootkit BETA 1.06.0.1004

www.malwarebytes.org

 

Database version: v2013.07.17.04

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

blakeandjen :: BLAKEANDJEN-PC [administrator]

 

7/17/2013 7:41:54 AM

mbar-log-2013-07-17 (07-41-54).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: PUP

Objects scanned: 237484

Time elapsed: 21 minute(s), 46 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\google-sketchup_V.157926468a.exe (Adware.DomaIQ) -> Delete on reboot.

c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\google-sketchup_keyword=google sketchup&source=48956-2001.exe (Adware.DomaIQ) -> Delete on reboot.

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

--------------------------------



#3: Malwarebytes Anti-Rootkit

system-log.txt:


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16635

 

Java version: 1.6.0_24

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.192000 GHz

Memory total: 4204969984, free: 2331623424

 

Downloaded database version: v2013.07.17.04

Downloaded database version: v2013.07.15.01

Initializing...

------------ Kernel report ------------

     07/17/2013 07:41:50

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\iwdbus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\??\C:\Windows\system32\Drivers\SSPORT.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\advapi32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\gdi32.dll

\Windows\System32\msctf.dll

\Windows\System32\wininet.dll

\Windows\System32\imm32.dll

\Windows\System32\nsi.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\difxapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\ws2_32.dll

\Windows\System32\sechost.dll

\Windows\System32\setupapi.dll

\Windows\System32\kernel32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\urlmon.dll

\Windows\System32\ole32.dll

\Windows\System32\usp10.dll

\Windows\System32\psapi.dll

\Windows\System32\imagehlp.dll

\Windows\System32\shell32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\lpk.dll

\Windows\System32\normaliz.dll

\Windows\System32\user32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\iertutil.dll

\Windows\System32\comctl32.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\wintrust.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065ff060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa800474b050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065ffb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065ff060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800474b050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 208782

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 212992  Numsec = 40960000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 41172992  Numsec = 1209088688

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 640135028736 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...

Done!

Infected: c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\google-sketchup_V.157926468a.exe --> [Adware.DomaIQ]

Infected: c:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\google-sketchup_keyword=google sketchup&source=48956-2001.exe --> [Adware.DomaIQ]

Scan finished

Creating System Restore point...

Could not create restore point...

Cleaning up...

Removal scheduling successful. System shutdown needed.

System shutdown occurred

=======================================

 

 

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_212992_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

 

Account is Administrative

 

Internet Explorer version: 10.0.9200.16635

 

Java version: 1.6.0_24

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED

CPU speed: 2.192000 GHz

Memory total: 4204969984, free: 2905841664

 

Initializing...

------------ Kernel report ------------

     07/17/2013 08:08:18

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\drivers\disk.sys

\SystemRoot\system32\drivers\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\DRIVERS\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\DRIVERS\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\ctxusbm.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\wmiacpi.sys

\SystemRoot\system32\DRIVERS\igdkmd64.sys

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\NETwNs64.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\nusb3xhc.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\Apfiltr.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\swenum.sys

\SystemRoot\system32\DRIVERS\ks.sys

\SystemRoot\system32\DRIVERS\iwdbus.sys

\SystemRoot\system32\DRIVERS\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\nusb3hub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\DRIVERS\IntcDAud.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\CtClsFlt.sys

\SystemRoot\system32\DRIVERS\iBtFltCoex.sys

\SystemRoot\system32\DRIVERS\btmhsf.sys

\SystemRoot\System32\Drivers\BTHUSB.sys

\SystemRoot\System32\Drivers\bthport.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\system32\DRIVERS\rfcomm.sys

\SystemRoot\system32\drivers\BthEnum.sys

\SystemRoot\system32\DRIVERS\bthpan.sys

\SystemRoot\system32\DRIVERS\btmaux.sys

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\mbam.sys

\SystemRoot\system32\DRIVERS\Sftvollh.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\system32\DRIVERS\Sftfslh.sys

\SystemRoot\system32\DRIVERS\Sftplaylh.sys

\SystemRoot\System32\DRIVERS\srvnet.sys

\??\C:\Windows\system32\Drivers\SSPORT.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\SystemRoot\system32\DRIVERS\Sftredirlh.sys

\SystemRoot\system32\DRIVERS\vwifimp.sys

\SystemRoot\System32\Drivers\fastfat.SYS

\SystemRoot\system32\drivers\spsys.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\Wldap32.dll

\Windows\System32\shell32.dll

\Windows\System32\ole32.dll

\Windows\System32\sechost.dll

\Windows\System32\user32.dll

\Windows\System32\urlmon.dll

\Windows\System32\usp10.dll

\Windows\System32\setupapi.dll

\Windows\System32\iertutil.dll

\Windows\System32\shlwapi.dll

\Windows\System32\lpk.dll

\Windows\System32\kernel32.dll

\Windows\System32\gdi32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\psapi.dll

\Windows\System32\clbcatq.dll

\Windows\System32\advapi32.dll

\Windows\System32\imm32.dll

\Windows\System32\comdlg32.dll

\Windows\System32\difxapi.dll

\Windows\System32\msctf.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\wininet.dll

\Windows\System32\normaliz.dll

\Windows\System32\ws2_32.dll

\Windows\System32\nsi.dll

\Windows\System32\oleaut32.dll

\Windows\System32\crypt32.dll

\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll

\Windows\System32\comctl32.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll

\Windows\System32\devobj.dll

\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll

\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll

\Windows\System32\KernelBase.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80065e1060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8004713050

Lower Device Driver Name: \Driver\iaStor\

<<<2>>>

Device number: 0, partition: 3

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80065e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80065e1ab0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80065e1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8004713050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 3

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 7F2837E

 

Partition information:

 

    Partition 0 type is Other (0xde)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 208782

 

    Partition 1 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 212992  Numsec = 40960000

    Partition file system is NTFS

    Partition is bootable

 

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 41172992  Numsec = 1209088688

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 640135028736 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_212992_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removal finished

 

-----------------------------

#5:  AdwCleaner[s1].txt:


# AdwCleaner v2.305 - Logfile created 07/17/2013 at 11:08:24

# Updated 11/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : blakeandjen - BLAKEANDJEN-PC

# Boot Mode : Normal

# Running from : C:\Users\blakeandjen\Downloads\AdwCleaner.exe

# Option [Delete]

***** [services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\BabylonToolbar

Deleted on reboot : C:\Program Files (x86)\Conduit

Deleted on reboot : C:\Program Files (x86)\Giant Savings

Deleted on reboot : C:\Program Files (x86)\SpecialSavings

Deleted on reboot : C:\ProgramData\Babylon

Deleted on reboot : C:\ProgramData\PC Optimizer Pro

Deleted on reboot : C:\ProgramData\Sidekick Manager

Deleted on reboot : C:\ProgramData\Tarma Installer

Deleted on reboot : C:\Users\BLAKEA~1\AppData\Local\Temp\{f34c9277-6577-4dff-b2d7-7d58092f272f}

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Conduit

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Giant Savings

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Ilivid

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\Savings Sidekick

Deleted on reboot : C:\Users\blakeandjen\AppData\Local\SwvUpdater

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\BabylonToolbar

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\Conduit

Deleted on reboot : C:\Users\blakeandjen\AppData\LocalLow\PriceGong

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\Babylon

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\BabylonToolbar

Deleted on reboot : C:\Users\blakeandjen\AppData\Roaming\OpenCandy

File Deleted : C:\END

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\Google\Chrome\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKCU\Software\pc optimizer pro

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287378

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\Software\iLividSRTB

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLivid_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kencldgjnaahnmjacapepbaikkkipojm

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

Key Deleted : HKLM\SOFTWARE\Tarma Installer

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

-\\ Google Chrome v28.0.1500.72

 

File : C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

 

Deleted [l.31] : keyword = "search.conduit.com",

*************************

 

AdwCleaner[s1].txt - [7820 octets] - [17/07/2013 11:08:24]

 

########## EOF - C:\AdwCleaner[s1].txt - [7880 octets] ##########

 

----------------------------------------------------

#6: ESET results (I created this myself because I could not export results to a text file):


C:\$RECYCLE.BIN\S-1-5-21-118250649-317752561-2107411411-1000\$R94KAJD.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe

C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll

C:\Users\All Users\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll

C:\Users\blakeandjen\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000414

C:\Users\blakeandjen\AppData\Local\Temp\CReinstall_FLVPlayerSetup (1).exe

C:\Users\blakeandjen\AppData\Local\Temp\Main.class    [Java/Exploit.CVE-2011-3544.BF trojan]

C:\Users\blakeandjen\AppData\Local\Temp\SingAlong.exe

C:\Users\blakeandjen\AppData\Local\Temp\YontooSetup-Silent.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\setup__120.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_036\software\setup__1185.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\setup__120.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\software\Addlyrics.exe

C:\Users\blakeandjen\AppData\Local\Temp\DIQM\google-sketchup_037\software\OptimizerPro.exe

C:\Users\blakeandjen\AppData\Local\Temp\ibtmpf564504\component_555.decrpt

C:\Users\blakeandjen\AppData\Local\Temp\ICReinstall\cnet2_zoo2trial_exe.exe

C:\Users\blakeandjen\AppData\Local\Temp\is1598539481\BuzzdockSetup-Silent.exe     [multiple threats]

C:\Users\blakeandjen\AppData\Local\Temp\is87173921\MyBabylonTB.exe

C:\Users\blakeandjen\Downloads\ARO2013_tbt(1).exe

C:\Users\blakeandjen\Downloads\ARO2013_tbt.exe

C:\Users\blakeandjen\Downloads\cdbxp_setup_4.4.0.2905.exe

C:\Users\blakeandjen\Downloads\cnet2_zoo2trial_exe.exe

C:\Users\blakeandjen\Downloads\FLVPlayerSetup(1).exe

C:\Users\blakeandjen\Downloads\FLVPlayerSetup.exe

C:\Users\blakeandjen\Downloads\InternetExplore78and9repairscript32bit_downloader_byFileTrip (1).exe

C:\Users\blakeandjen\Downloads\InternetExplore78and9repairscript32bit_downloader_byFileTrip.exe

C:\Users\blakeandjen\Downloads\mplayer_tuguu_d1021461(1).exe

C:\Users\blakeandjen\Downloads\mplayer_tuguu_d1021461.exe

C:\Users\blakeandjen\Downloads\SoftonicDownloader_for_google-sketchup.exe

-------------------------------------------

Here are the 2 logs for the Farbar Recovery Scan Tool:

 

#7: Farbar Recovery Scan Tool
FRST.txt:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-07-2013 02
Ran by blakeandjen (administrator) on 17-07-2013 17:30:00
Running from C:\Users\blakeandjen\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(PlantSense, INC) C:\Program Files (x86)\EasyBloom\EasyBloom.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Nikon Corporation) C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-16] (Intel® Corporation)
HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10222080 2010-12-14] (Intel Corporation)
HKCU\...\Run: [PlantSenseSysAgent] - C:\Program Files (x86)\EasyBloom\EasyBloom.exe [996704 2010-03-24] (PlantSense, INC)
HKCU\...\Run: [AROReminder] -  [x]
MountPoints2: {93eb137a-e766-11e0-9583-806e6f6e6963} - D:\autorun.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dell Webcam Central] - "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Nikon Transfer Monitor] - C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [479232 2009-09-15] (Nikon Corporation)
HKLM-x32\...\Run: [ConnectionCenter] - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {B0C1D5EE-3239-47D1-AF11-0E44E448BA25} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {B0C1D5EE-3239-47D1-AF11-0E44E448BA25} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: No Name - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -  No File
BHO-x32: No Name - {3049C3E9-B461-4BC5-8870-4C09146192CA} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
BHO-x32: No Name - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  No File
BHO-x32: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File
Handler-x32: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File
Handler-x32: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler-x32: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} -  No File
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} -  No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.238.112.12
 
Chrome: 
=======
CHR DefaultSearchURL: (Conduit) - http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN77359230525433118&ctid=CT3287378&UM=2
CHR DefaultSuggestURL: (Conduit) - http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=UN77359230525433118&UM=2
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Talk Plugin) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\blakeandjen\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Extension: (Google Drive) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR Extension: () - C:\Users\BLAKEA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_3640_2287
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-16] ()
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [x]
 
==================== Drivers (Whitelisted) ====================
 
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-11-12] (LeapFrog)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-07-17 17:29 - 2013-07-17 17:29 - 01778209 _____ (Farbar) C:\Users\blakeandjen\Downloads\FRST64.exe
2013-07-17 17:29 - 2013-07-17 17:29 - 00000000 ____D C:\FRST
2013-07-17 17:28 - 2013-07-17 17:28 - 00002227 _____ C:\Users\blakeandjen\Desktop\ESET results.txt
2013-07-17 15:16 - 2013-07-17 15:16 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe
2013-07-17 11:39 - 2013-07-17 11:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-17 11:17 - 2013-07-17 11:24 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe
2013-07-17 11:10 - 2013-07-17 11:10 - 00007935 _____ C:\Users\blakeandjen\Desktop\AdwCleaner[s1].txt
2013-07-17 11:08 - 2013-07-17 11:08 - 00007935 _____ C:\AdwCleaner[s1].txt
2013-07-17 11:08 - 2013-07-17 11:08 - 00001717 _____ C:\Windows\DeleteOnReboot.bat
2013-07-17 11:04 - 2013-07-17 11:06 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner (1).exe
2013-07-17 11:03 - 2013-07-17 11:04 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner.exe
2013-07-17 11:01 - 2013-07-17 11:01 - 00003174 _____ C:\Windows\System32\Tasks\{714F9E99-B56D-44C0-9DFD-2E093B96FA95}
2013-07-17 10:59 - 2013-07-17 11:00 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (3).exe
2013-07-17 10:57 - 2013-07-17 10:58 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (2).exe
2013-07-17 10:50 - 2013-07-17 10:55 - 00288131 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (1).exe
2013-07-17 10:50 - 2013-07-17 10:50 - 00003162 _____ C:\Windows\System32\Tasks\{1F5191D5-3FB1-4572-A6FF-957C4B97AB7D}
2013-07-17 10:41 - 2013-07-17 10:44 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT.exe
2013-07-17 07:40 - 2013-07-17 07:40 - 00000000 ____D C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004
2013-07-17 07:39 - 2013-07-17 07:39 - 13399154 _____ C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip
2013-07-17 07:38 - 2013-07-17 07:38 - 00001669 _____ C:\Users\blakeandjen\Desktop\RKreport[0]_S_07172013_073830.txt
2013-07-17 07:36 - 2013-07-17 07:38 - 00000000 ____D C:\Users\blakeandjen\Desktop\RK_Quarantine
2013-07-17 07:36 - 2013-07-17 07:36 - 03778560 _____ C:\Users\blakeandjen\Downloads\RogueKillerX64.exe
2013-07-17 07:28 - 2013-07-17 07:28 - 00000000 ____D C:\Windows\ERDNT
2013-07-17 07:26 - 2013-07-17 07:27 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-17 07:25 - 2013-07-17 07:25 - 00791393 _____ (Lars Hederer                                                ) C:\Users\blakeandjen\Downloads\erunt-setup.exe
2013-07-16 23:20 - 2013-07-16 23:20 - 00688992 ____R (Swearware) C:\Users\blakeandjen\Downloads\dds.scr
2013-07-16 23:20 - 2013-07-16 23:20 - 00018063 _____ C:\Users\blakeandjen\Desktop\dds.txt
2013-07-16 23:20 - 2013-07-16 23:20 - 00013241 _____ C:\Users\blakeandjen\Desktop\attach.txt
2013-07-16 23:13 - 2011-09-25 06:21 - 00000204 _____ C:\Users\Public\Desktop\My Identity Protection.url
2013-07-16 23:04 - 2013-07-16 23:13 - 00001964 _____ C:\Users\blakeandjen\Desktop\unhide.txt
2013-07-16 23:04 - 2013-07-16 23:04 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\unhide.exe
2013-07-16 23:02 - 2013-07-16 23:04 - 00002502 _____ C:\Users\blakeandjen\Desktop\Rkill.txt
2013-07-16 23:02 - 2013-07-16 23:02 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\rkill.exe
2013-07-16 23:02 - 2013-07-16 23:02 - 00000000 ____D C:\Users\blakeandjen\Desktop\rkill
2013-07-16 23:00 - 2013-07-16 23:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (3).exe
2013-07-16 22:58 - 2013-07-16 22:58 - 01440846 _____ C:\Users\blakeandjen\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-16 22:39 - 2013-07-16 22:39 - 00001375 _____ C:\Users\blakeandjen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-16 22:26 - 2013-07-16 22:26 - 00002188 _____ C:\Users\blakeandjen\Downloads\28919-ie8-rereg.zip
2013-07-16 22:24 - 2013-07-16 22:24 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc (1).exe
2013-07-16 22:22 - 2013-07-16 22:22 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc.exe
2013-07-16 22:21 - 2013-07-16 22:21 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip (1).exe
2013-07-16 22:20 - 2013-07-16 22:20 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip.exe
2013-07-16 22:16 - 2013-07-16 22:16 - 00000229 _____ C:\Users\blakeandjen\Desktop\Enabie3.reg
2013-07-16 21:32 - 2013-07-16 21:32 - 01110478 _____ C:\Users\blakeandjen\Downloads\ProcessMonitor.zip
2013-07-16 20:42 - 2013-07-16 20:42 - 00000000 ____D C:\Program Files (x86)\ARO 2013
2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com                                                 ) C:\Users\blakeandjen\Downloads\ARO2013_tbt.exe
2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com                                                 ) C:\Users\blakeandjen\Downloads\ARO2013_tbt (1).exe
2013-07-16 20:40 - 2013-07-16 20:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-07-16 20:25 - 2013-07-16 20:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-16 20:12 - 2013-07-16 20:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-14 14:32 - 2013-07-14 14:32 - 00675988 _____ C:\Users\blakeandjen\Desktop\Minecraft.exe
2013-07-14 14:14 - 2013-07-15 20:24 - 00000000 ___RD C:\Users\blakeandjen\Desktop\Minecraft Server
2013-07-14 09:54 - 2013-07-14 09:54 - 00089836 _____ C:\Users\blakeandjen\Documents\fish hawk.skp
2013-07-13 06:36 - 2013-06-11 19:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-13 06:36 - 2013-06-11 19:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-13 06:36 - 2013-06-11 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-13 06:36 - 2013-06-11 19:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-13 06:36 - 2013-06-11 19:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-13 06:36 - 2013-06-11 19:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-13 06:36 - 2013-06-11 19:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-13 06:36 - 2013-06-11 19:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-13 06:36 - 2013-06-11 18:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-13 06:36 - 2013-06-11 18:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-13 06:36 - 2013-06-06 23:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-13 06:36 - 2013-06-06 22:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 22:02 - 2013-07-12 22:02 - 02221471 _____ C:\Users\blakeandjen\Documents\donavan.skp
2013-07-12 21:56 - 2013-06-04 23:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 21:56 - 2013-06-04 02:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 21:56 - 2013-06-04 00:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 21:56 - 2013-05-27 11:11 - 08553892 _____ C:\Users\blakeandjen\Documents\man.skb
2013-07-12 21:56 - 2013-05-06 02:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 21:56 - 2013-05-06 00:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-12 21:55 - 2013-04-09 19:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 21:55 - 2013-04-02 18:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 22:59 - 2013-07-10 22:59 - 00000000 ____D C:\Users\blakeandjen\AppData\Roaming\Mozilla
2013-07-10 07:53 - 2013-07-10 07:53 - 04249600 _____ C:\Program Files (x86)\GUT40CD.tmp
2013-07-10 07:53 - 2013-07-10 07:53 - 00000000 ____D C:\Program Files (x86)\GUM40CC.tmp
2013-07-06 19:50 - 2013-07-06 19:50 - 00024514 _____ C:\Users\blakeandjen\Documents\JGNJBGMCJMFCMG,FK,.skp
2013-07-04 08:09 - 2013-07-04 08:09 - 00014542 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2448.log
2013-07-02 09:42 - 2013-07-02 09:42 - 00014399 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6476.log
2013-07-02 07:01 - 2013-07-02 07:01 - 00015473 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2856.log
2013-06-26 20:50 - 2013-06-26 20:50 - 06953496 _____ (Microsoft Corporation) C:\Users\blakeandjen\Downloads\Silverlight.exe
2013-06-26 09:11 - 2013-06-26 09:11 - 00014413 _____ C:\Users\blakeandjen\Downloads\hs_err_pid3996.log
2013-06-22 14:32 - 2013-06-22 14:32 - 02129302 _____ C:\Users\blakeandjen\Documents\jyitlu5dhr4se6twt4r5yiu=o78p[9oiuhrgtedryiugoyi.skp
2013-06-22 11:35 - 2013-06-22 11:37 - 00015595 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6820.log
2013-06-21 10:15 - 2013-06-21 10:29 - 00000000 ____D C:\Users\blakeandjen\Desktop\2013-06-21 iPhone June 21 2013
2013-06-21 07:56 - 2013-06-21 07:56 - 10303127 _____ C:\Users\blakeandjen\Documents\685+9478+64.skp
 
==================== One Month Modified Files and Folders =======
 
2013-07-17 17:29 - 2013-07-17 17:29 - 01778209 _____ (Farbar) C:\Users\blakeandjen\Downloads\FRST64.exe
2013-07-17 17:29 - 2013-07-17 17:29 - 00000000 ____D C:\FRST
2013-07-17 17:28 - 2013-07-17 17:28 - 00002227 _____ C:\Users\blakeandjen\Desktop\ESET results.txt
2013-07-17 17:12 - 2012-01-07 22:50 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-17 16:15 - 2009-07-14 01:13 - 00779788 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-17 16:12 - 2011-09-25 07:10 - 01444417 _____ C:\Windows\WindowsUpdate.log
2013-07-17 15:16 - 2013-07-17 15:16 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe
2013-07-17 11:39 - 2013-07-17 11:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-07-17 11:24 - 2013-07-17 11:17 - 02347384 _____ (ESET) C:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe
2013-07-17 11:16 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-17 11:16 - 2009-07-14 00:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-17 11:10 - 2013-07-17 11:10 - 00007935 _____ C:\Users\blakeandjen\Desktop\AdwCleaner[s1].txt
2013-07-17 11:09 - 2012-11-17 14:26 - 00000426 _____ C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-07-17 11:09 - 2012-01-07 22:50 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-17 11:09 - 2011-09-25 05:50 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-07-17 11:09 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-17 11:09 - 2009-07-14 00:51 - 00057141 _____ C:\Windows\setupact.log
2013-07-17 11:08 - 2013-07-17 11:08 - 00007935 _____ C:\AdwCleaner[s1].txt
2013-07-17 11:08 - 2013-07-17 11:08 - 00001717 _____ C:\Windows\DeleteOnReboot.bat
2013-07-17 11:06 - 2013-07-17 11:04 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner (1).exe
2013-07-17 11:04 - 2013-07-17 11:03 - 00662345 _____ C:\Users\blakeandjen\Downloads\AdwCleaner.exe
2013-07-17 11:01 - 2013-07-17 11:01 - 00003174 _____ C:\Windows\System32\Tasks\{714F9E99-B56D-44C0-9DFD-2E093B96FA95}
2013-07-17 11:00 - 2013-07-17 10:59 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (3).exe
2013-07-17 10:58 - 2013-07-17 10:57 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (2).exe
2013-07-17 10:55 - 2013-07-17 10:50 - 00288131 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT (1).exe
2013-07-17 10:50 - 2013-07-17 10:50 - 00003162 _____ C:\Windows\System32\Tasks\{1F5191D5-3FB1-4572-A6FF-957C4B97AB7D}
2013-07-17 10:44 - 2013-07-17 10:41 - 00558958 _____ (Oleg N. Scherbakov) C:\Users\blakeandjen\Downloads\JRT.exe
2013-07-17 09:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2013-07-17 08:04 - 2010-11-20 23:47 - 00032206 _____ C:\Windows\PFRO.log
2013-07-17 07:40 - 2013-07-17 07:40 - 00000000 ____D C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004
2013-07-17 07:39 - 2013-07-17 07:39 - 13399154 _____ C:\Users\blakeandjen\Downloads\mbar-1.06.0.1004.zip
2013-07-17 07:38 - 2013-07-17 07:38 - 00001669 _____ C:\Users\blakeandjen\Desktop\RKreport[0]_S_07172013_073830.txt
2013-07-17 07:38 - 2013-07-17 07:36 - 00000000 ____D C:\Users\blakeandjen\Desktop\RK_Quarantine
2013-07-17 07:36 - 2013-07-17 07:36 - 03778560 _____ C:\Users\blakeandjen\Downloads\RogueKillerX64.exe
2013-07-17 07:28 - 2013-07-17 07:28 - 00000000 ____D C:\Windows\ERDNT
2013-07-17 07:27 - 2013-07-17 07:26 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-07-17 07:25 - 2013-07-17 07:25 - 00791393 _____ (Lars Hederer                                                ) C:\Users\blakeandjen\Downloads\erunt-setup.exe
2013-07-16 23:20 - 2013-07-16 23:20 - 00688992 ____R (Swearware) C:\Users\blakeandjen\Downloads\dds.scr
2013-07-16 23:20 - 2013-07-16 23:20 - 00018063 _____ C:\Users\blakeandjen\Desktop\dds.txt
2013-07-16 23:20 - 2013-07-16 23:20 - 00013241 _____ C:\Users\blakeandjen\Desktop\attach.txt
2013-07-16 23:13 - 2013-07-16 23:04 - 00001964 _____ C:\Users\blakeandjen\Desktop\unhide.txt
2013-07-16 23:04 - 2013-07-16 23:04 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\unhide.exe
2013-07-16 23:04 - 2013-07-16 23:02 - 00002502 _____ C:\Users\blakeandjen\Desktop\Rkill.txt
2013-07-16 23:02 - 2013-07-16 23:02 - 01836672 _____ (Bleeping Computer, LLC) C:\Users\blakeandjen\Downloads\rkill.exe
2013-07-16 23:02 - 2013-07-16 23:02 - 00000000 ____D C:\Users\blakeandjen\Desktop\rkill
2013-07-16 23:01 - 2012-12-21 00:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-16 23:00 - 2013-07-16 23:00 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (3).exe
2013-07-16 22:58 - 2013-07-16 22:58 - 01440846 _____ C:\Users\blakeandjen\Downloads\mbam-chameleon-1.62.1.1000.zip
2013-07-16 22:39 - 2013-07-16 22:39 - 00001375 _____ C:\Users\blakeandjen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-07-16 22:26 - 2013-07-16 22:26 - 00002188 _____ C:\Users\blakeandjen\Downloads\28919-ie8-rereg.zip
2013-07-16 22:24 - 2013-07-16 22:24 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc (1).exe
2013-07-16 22:22 - 2013-07-16 22:22 - 01624136 _____ (Bandoo Media Inc) C:\Users\blakeandjen\Downloads\iLividSetup-r394-n-bc.exe
2013-07-16 22:21 - 2013-07-16 22:21 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip (1).exe
2013-07-16 22:20 - 2013-07-16 22:20 - 00163408 _____ () C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip.exe
2013-07-16 22:16 - 2013-07-16 22:16 - 00000229 _____ C:\Users\blakeandjen\Desktop\Enabie3.reg
2013-07-16 21:32 - 2013-07-16 21:32 - 01110478 _____ C:\Users\blakeandjen\Downloads\ProcessMonitor.zip
2013-07-16 20:42 - 2013-07-16 20:42 - 00000000 ____D C:\Program Files (x86)\ARO 2013
2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com                                                 ) C:\Users\blakeandjen\Downloads\ARO2013_tbt.exe
2013-07-16 20:41 - 2013-07-16 20:41 - 04887880 _____ (Support.com                                                 ) C:\Users\blakeandjen\Downloads\ARO2013_tbt (1).exe
2013-07-16 20:40 - 2013-07-16 20:40 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (2).exe
2013-07-16 20:25 - 2013-07-16 20:25 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300 (1).exe
2013-07-16 20:12 - 2013-07-16 20:12 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\blakeandjen\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-15 20:24 - 2013-07-14 14:14 - 00000000 ___RD C:\Users\blakeandjen\Desktop\Minecraft Server
2013-07-15 20:24 - 2012-11-28 21:48 - 00000000 ____D C:\Users\blakeandjen\AppData\Roaming\.minecraft
2013-07-15 18:07 - 2012-01-07 22:50 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-15 18:07 - 2012-01-07 22:50 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-14 15:26 - 2011-09-25 06:00 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-07-14 15:26 - 2011-09-25 06:00 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-07-14 14:32 - 2013-07-14 14:32 - 00675988 _____ C:\Users\blakeandjen\Desktop\Minecraft.exe
2013-07-14 09:54 - 2013-07-14 09:54 - 00089836 _____ C:\Users\blakeandjen\Documents\fish hawk.skp
2013-07-13 11:19 - 2009-07-14 00:45 - 00268856 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 11:17 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 11:17 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 11:17 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 06:29 - 2012-01-07 22:50 - 00000000 ____D C:\Users\BLAKEA~1\AppData\Local\Google
2013-07-12 22:02 - 2013-07-12 22:02 - 02221471 _____ C:\Users\blakeandjen\Documents\donavan.skp
2013-07-12 21:56 - 2013-05-27 11:11 - 09436783 _____ C:\Users\blakeandjen\Documents\man.skp
2013-07-10 22:59 - 2013-07-10 22:59 - 00000000 ____D C:\Users\blakeandjen\AppData\Roaming\Mozilla
2013-07-10 07:53 - 2013-07-10 07:53 - 04249600 _____ C:\Program Files (x86)\GUT40CD.tmp
2013-07-10 07:53 - 2013-07-10 07:53 - 00000000 ____D C:\Program Files (x86)\GUM40CC.tmp
2013-07-06 19:50 - 2013-07-06 19:50 - 00024514 _____ C:\Users\blakeandjen\Documents\JGNJBGMCJMFCMG,FK,.skp
2013-07-05 15:05 - 2011-02-10 12:10 - 00774004 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-07-04 08:09 - 2013-07-04 08:09 - 00014542 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2448.log
2013-07-02 09:42 - 2013-07-02 09:42 - 00014399 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6476.log
2013-07-02 07:01 - 2013-07-02 07:01 - 00015473 _____ C:\Users\blakeandjen\Downloads\hs_err_pid2856.log
2013-06-26 20:50 - 2013-06-26 20:50 - 06953496 _____ (Microsoft Corporation) C:\Users\blakeandjen\Downloads\Silverlight.exe
2013-06-26 09:11 - 2013-06-26 09:11 - 00014413 _____ C:\Users\blakeandjen\Downloads\hs_err_pid3996.log
2013-06-22 14:32 - 2013-06-22 14:32 - 02129302 _____ C:\Users\blakeandjen\Documents\jyitlu5dhr4se6twt4r5yiu=o78p[9oiuhrgtedryiugoyi.skp
2013-06-22 11:37 - 2013-06-22 11:35 - 00015595 _____ C:\Users\blakeandjen\Downloads\hs_err_pid6820.log
2013-06-21 10:29 - 2013-06-21 10:15 - 00000000 ____D C:\Users\blakeandjen\Desktop\2013-06-21 iPhone June 21 2013
2013-06-21 07:56 - 2013-06-21 07:56 - 10303127 _____ C:\Users\blakeandjen\Documents\685+9478+64.skp
2013-06-17 20:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-07-13 10:58
 
==================== End Of Log ============================
 
--------------------------------------------
#7: Farbar Recovery Scan Tool
Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-07-2013 02
Ran by blakeandjen at 2013-07-17 17:31:29
Running from C:\Users\blakeandjen\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
 2013 (Version: 8.0)
Adobe AIR (x32 Version: 2.6.0.19120)
Adobe Digital Editions 2.0 (x32 Version: 2.0)
Adobe Flash Player 10 ActiveX (x32 Version: 10.3.181.34)
Adobe Flash Player 11 Plugin (x32 Version: 11.1.102.55)
Adobe Reader X (10.1.1) MUI (x32 Version: 10.1.1)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Banctec Service Agreement (x32 Version: 2.0.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Citrix online plug-in - web (x32 Version: 12.0.3.6)
Citrix online plug-in (DV) (x32 Version: 12.0.3.6)
Citrix online plug-in (HDX) (x32 Version: 12.0.3.6)
Citrix online plug-in (USB) (x32 Version: 12.0.3.6)
Citrix online plug-in (Web) (x32 Version: 12.0.3.6)
Complete Care Business Service Agreement (x32 Version: 2.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.60)
Dell DataSafe Local Backup (x32 Version: 9.4.60)
Dell Digital Delivery (x32 Version: 1.5.1249.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Touchpad (Version: 7.1209.101.204)
Dell VideoStage  (x32 Version: 1.2.0.1712)
Dell Webcam Central (x32 Version: 2.00.44)
EasyBloom Companion (x32)
eBay (x32 Version: 1.4.0)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
FASTT Math (x32 Version: 1.2.0.12)
File Uploader (x32 Version: 1.2.5)
Google Chrome (x32 Version: 28.0.1500.72)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
H&R Block Basic + Efile 2011 (x32 Version: 11.02.7102)
H&R Block Basic + Efile 2012 (x32 Version: 12.02.7803)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2345)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.1.0489)
Intel® PROSet/Wireless WiFi Software (Version: 14.1.2000)
Intel® WiDi (x32 Version: 2.1.38.0)
Intel® Wireless Display
Java Auto Updater (x32 Version: 2.0.3.1)
Java 6 Update 24 (64-bit) (Version: 6.0.240)
Java 6 Update 24 (x32 Version: 6.0.240)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.5.3)
Picture Control Utility (x32 Version: 1.1.9)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6312)
Samsung ML-1740 Series (x32)
SketchUp 8 (x32 Version: 3.0.15158)
Skype Toolbars (x32 Version: 1.0.4051)
Skype™ 5.10 (x32 Version: 5.10.116)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
ViewNX (x32 Version: 1.5.2)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zoo Tycoon 2 - Zookeeper Collection (x32 Version: 1.00.0000)
Zoo Tycoon2  - Marine Mania Demo (x32 Version: 1.00.0000)
 
==================== Restore Points  =========================
 
25-06-2013 11:32:16 Windows Update
28-06-2013 23:09:41 Windows Update
02-07-2013 11:11:13 Windows Update
05-07-2013 18:58:43 Windows Update
13-07-2013 01:55:52 Windows Update
13-07-2013 10:28:21 Windows Update
16-07-2013 23:13:34 Windows Update
17-07-2013 00:14:08 Restore Operation
17-07-2013 02:29:59 Windows Modules Installer
17-07-2013 02:37:12 Windows Modules Installer
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {21FFD600-3336-418A-AB9A-83324DB2950B} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-118250649-317752561-2107411411-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {2819FF77-1D77-4F4F-813F-3D09BA5D9481} - System32\Tasks\JavaUpdateSched => %COMMONPROGRAMFILES(x86)%\Java\Java Update\jusched.exe No File
Task: {288BC7AE-BA94-4E9F-B736-351C45EEFEAB} - System32\Tasks\4772 => C:\Windows\System32\wscript.exe [2009-07-13] (Microsoft Corporation)
Task: {36E853E4-4F55-4F98-9C8E-F6487FBD861D} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe No File
Task: {4365178E-A5C1-4B20-8C9F-DB2D428AA382} - System32\Tasks\0 => C:\program files\internet explorer\iexplore.exe [2013-06-11] (Microsoft Corporation)
Task: {47DFF923-C264-41D8-934B-9BEDC10206F2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe No File
Task: {6C604A56-7C6E-4E40-98B1-350A7DF34EDB} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {A6AA1D0C-EF08-4E23-9C01-DB69E8135BE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {A7A844FD-5AAB-42B1-9135-2AA9FFE1E05A} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {B0170AFA-3ED6-4F58-B629-CA4A093FFD81} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-118250649-317752561-2107411411-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File
Task: {C9900F2A-6282-41FA-8BCE-5B50B0A3A74E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-07] (Google Inc.)
Task: {DB384AA9-D421-4CA4-97DB-C7E615FD375D} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe No File
Task: {E2EFE612-F000-441A-89C0-BE50F573EB40} - System32\Tasks\{47BFB1AE-8B94-45D4-8DA2-228782763CCF} => C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE [2010-02-28] (Microsoft Corporation)
Task: {EBE94063-7161-4556-8C0A-EF819E78D9FE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2013 03:16:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2013 03:16:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2013 11:38:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2013 11:24:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (07/17/2013 11:19:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (07/17/2013 11:10:14 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Dependent Assembly Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC) (User: )
Description: Information only.
Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
 
 
System errors:
=============
Error: (07/17/2013 11:11:42 AM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
%%1053
 
Error: (07/17/2013 11:11:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (07/17/2013 11:09:29 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (07/17/2013 09:40:15 AM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
%%1053
 
Error: (07/17/2013 09:40:15 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (07/17/2013 09:38:03 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (07/17/2013 08:07:02 AM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
%%1053
 
Error: (07/17/2013 08:07:02 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (07/17/2013 08:04:48 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (07/16/2013 10:41:36 PM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (07/17/2013 03:16:59 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (07/17/2013 03:16:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\blakeandjen\Downloads\esetsmartinstaller_enu (1).exe
 
Error: (07/17/2013 11:38:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe
 
Error: (07/17/2013 11:24:57 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\blakeandjen\Downloads\esetsmartinstaller_enu.exe
 
Error: (07/17/2013 11:19:39 AM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (07/17/2013 11:10:14 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC)(User: )
Description: The action cannot be completed. Try the action again. If the problem continues, contact Microsoft Product Support.
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC)(User: )
Description: Error: exception in main loop CoCreateInstance failed : HR: 0x80040154 ErrorCode: 0x0
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC)(User: )
Description: Product registration is corrupted for {90140011-0066-0409-0000-0000000FF1CE}
 
Error: (07/17/2013 11:09:39 AM) (Source: CVHSVC)(User: )
Description: Error: Product {90140011-0066-0409-0000-0000000FF1CE} found in the registry but SoftGrid doesn't know about it, skipping...
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 45%
Total physical RAM: 4010.17 MB
Available physical RAM: 2166.22 MB
Total Pagefile: 8018.53 MB
Available Pagefile: 6081.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:576.54 GB) (Free:484.57 GB) NTFS (Disk=0 Partition=3)
Drive d: (ZT2ZCD1) (CDROM) (Total:0.51 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=577 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

 

 

fixlist.txt


Below is a copy and paste of Fixlog.txt (again, I could not get the "Choose File" option to work).  Thank you.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-07-2013 02
Ran by blakeandjen at 2013-07-17 22:07:51 Run:1
Running from C:\Users\blakeandjen\Desktop
Boot Mode: Normal
==============================================
 
"C:\Users\BLAKEA~1\AppData\Local\Temp\launchie.vbs" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\AROReminder => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93eb137a-e766-11e0-9583-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{93eb137a-e766-11e0-9583-806e6f6e6963} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.
CHR DefaultSearchURL: (Conduit) - http://search.condui...Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN77359230525433118&ctid=CT3287378&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
CHR DefaultSuggestURL: (Conduit) - http://suggest.searc...on.ashx?prefix={searchTerms}&CUI=UN77359230525433118&UM=2 ==> The Chrome "Settings" can be used to fix the entry.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll => Moved successfully.
C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll => Moved successfully.
C:\Users\blakeandjen\Downloads\InternetExplorer78and9repairscript32bit_downloader_by_FileTrip (1).exe => Moved successfully.
C:\AdwCleaner[s1].txt => Moved successfully.
C:\Users\blakeandjen\Downloads\AdwCleaner (1).exe => Moved successfully.
C:\Windows\System32\Tasks\{714F9E99-B56D-44C0-9DFD-2E093B96FA95} => Moved successfully.
C:\Users\blakeandjen\Downloads\JRT (3).exe => Moved successfully.
C:\Users\blakeandjen\Downloads\JRT (2).exe => Moved successfully.
C:\Users\blakeandjen\Downloads\JRT (1).exe => Moved successfully.
C:\Users\blakeandjen\Downloads\JRT.exe => Moved successfully.
C:\Windows\System32\Tasks\{1F5191D5-3FB1-4572-A6FF-957C4B97AB7D} => Moved successfully.
C:\Program Files (x86)\GUT40CD.tmp => Moved successfully.
C:\Program Files (x86)\GUM40CC.tmp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{21FFD600-3336-418A-AB9A-83324DB2950B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21FFD600-3336-418A-AB9A-83324DB2950B} => Key deleted successfully.
C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-118250649-317752561-2107411411-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-118250649-317752561-2107411411-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2819FF77-1D77-4F4F-813F-3D09BA5D9481} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2819FF77-1D77-4F4F-813F-3D09BA5D9481} => Key deleted successfully.
C:\Windows\System32\Tasks\JavaUpdateSched => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JavaUpdateSched => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{288BC7AE-BA94-4E9F-B736-351C45EEFEAB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{288BC7AE-BA94-4E9F-B736-351C45EEFEAB} => Key deleted successfully.
C:\Windows\System32\Tasks\4772 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4772 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36E853E4-4F55-4F98-9C8E-F6487FBD861D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36E853E4-4F55-4F98-9C8E-F6487FBD861D} => Key deleted successfully.
C:\Windows\System32\Tasks\PCDEventLauncher => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4365178E-A5C1-4B20-8C9F-DB2D428AA382} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4365178E-A5C1-4B20-8C9F-DB2D428AA382} => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47DFF923-C264-41D8-934B-9BEDC10206F2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47DFF923-C264-41D8-934B-9BEDC10206F2} => Key deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C604A56-7C6E-4E40-98B1-350A7DF34EDB} => Key not found.
C:\Windows\System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A6AA1D0C-EF08-4E23-9C01-DB69E8135BE1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6AA1D0C-EF08-4E23-9C01-DB69E8135BE1} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7A844FD-5AAB-42B1-9135-2AA9FFE1E05A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7A844FD-5AAB-42B1-9135-2AA9FFE1E05A} => Key deleted successfully.
C:\Windows\System32\Tasks\SystemToolsDailyTest => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0170AFA-3ED6-4F58-B629-CA4A093FFD81} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0170AFA-3ED6-4F58-B629-CA4A093FFD81} => Key deleted successfully.
C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-118250649-317752561-2107411411-1000 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-118250649-317752561-2107411411-1000 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9900F2A-6282-41FA-8BCE-5B50B0A3A74E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9900F2A-6282-41FA-8BCE-5B50B0A3A74E} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DB384AA9-D421-4CA4-97DB-C7E615FD375D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB384AA9-D421-4CA4-97DB-C7E615FD375D} => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2EFE612-F000-441A-89C0-BE50F573EB40} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2EFE612-F000-441A-89C0-BE50F573EB40} => Key deleted successfully.
C:\Windows\System32\Tasks\{47BFB1AE-8B94-45D4-8DA2-228782763CCF} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{47BFB1AE-8B94-45D4-8DA2-228782763CCF} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EBE94063-7161-4556-8C0A-EF819E78D9FE} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EBE94063-7161-4556-8C0A-EF819E78D9FE} => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.
 
==== End of Fixlog ====
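The Fixlog above removes each leftover scheduled task in three places: the TaskCache\Tree entry, the TaskCache\Tasks\{GUID} key it points to, and the task XML under System32\Tasks. As an added example (not part of the thread and not FRST code), this read-only PowerShell audit follows the same three-way link and reports entries where a link is broken or the task name is a bare GUID or number, as several in the log were. It assumes Windows 7 or later and an elevated prompt.

```powershell
# Added example, not part of the thread or of FRST: read-only audit of the Task Scheduler cache.
# Link checked for every task:
#   TaskCache\Tree\<task path>  --Id-->  TaskCache\Tasks\{GUID}  --Path-->  System32\Tasks\<task path>
# Nothing is modified; findings are listed for a human to review.
# Assumptions: Windows 7 or later, run from an elevated PowerShell prompt.

$TaskCache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'
$TreeRoot  = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$TasksDir  = Join-Path $env:SystemRoot 'System32\Tasks'

function Get-TaskCacheAudit {
    Get-ChildItem -Path "$TaskCache\Tree" -Recurse | ForEach-Object {
        $treeKey = $_
        # Keys with subkeys are task folders (e.g. \Microsoft\Windows Defender); only leaves are tasks
        if ($treeKey.SubKeyCount -gt 0) { return }

        $taskPath = $treeKey.Name.Substring($TreeRoot.Length)   # e.g. \PCDEventLauncher
        $id       = $treeKey.GetValue('Id')                      # {GUID} string, or $null
        $findings = @()

        if (-not $id) {
            $findings += 'Tree entry has no Id value'
        } elseif (-not (Test-Path -LiteralPath "$TaskCache\Tasks\$id")) {
            $findings += "Tree entry points to missing Tasks\$id key"
        } else {
            # The Tasks key records the task path it was registered under; it should match the Tree path
            $registeredPath = (Get-ItemProperty -LiteralPath "$TaskCache\Tasks\$id").Path
            if ($registeredPath -ne $taskPath) {
                $findings += "Tasks key Path '$registeredPath' does not match Tree path"
            }
        }

        # The task definition XML must exist on disk under System32\Tasks
        $xmlFile = Join-Path $TasksDir $taskPath.TrimStart('\')
        if (-not (Test-Path -LiteralPath $xmlFile)) {
            $findings += 'Task XML file missing from System32\Tasks'
        }

        # Bare GUID or bare numeric task names (like {714F9E99-...}, 4772, 0 in the Fixlog)
        # are unusual for legitimate software and worth a second look
        $leaf = Split-Path -Path $taskPath -Leaf
        if ($leaf -match '^\{[0-9A-Fa-f-]{36}\}$' -or $leaf -match '^\d+$') {
            $findings += 'Task name is a bare GUID or number'
        }

        [pscustomobject]@{
            TaskPath = $taskPath
            Id       = $id
            XmlFile  = $xmlFile
            Findings = $findings -join '; '
        }
    }
}

# Show only entries that have at least one finding
Get-TaskCacheAudit | Where-Object { $_.Findings } | Format-Table -AutoSize -Wrap
```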

  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


Hello,

Both logs from TDSSKiller are attached (the second log was too long to copy and paste, and so I e-mailed it to my other computer and created my own .txt file so that I could use the "Attach File" option -- hope that works out).  5 threats were found, which I skipped.  Thank you for your help so far,

Blake

TDSSKiller.2.8.180.0_17.07.2013_22.32.49_log.tx.txt

TDSSKiller.2.8.180.0_17.07.2013_22.35.26_log.tx.txt


  • Root Admin

Those detections are okay - nothing to worry about.
 
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

  • Root Admin

Please reset Internet Explorer back to default settings:

How to reset Internet Explorer settings

Then run the following temp cleaner

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
Then after the reboot let me know how the computer is running and what issues you're still having.

Hi,

I couldn't get the TFC to work, and I'm not even sure I was able to reset the Internet Explorer settings.

 

As far as resetting Internet Explorer, my IE browser doesn't work (when I click on Internet Explorer, I get a window with a blue bar at the top and nothing else that opens for about 5-10 seconds and then closes automatically), so I tried to reset the settings manually by typing "inetcpl.cpl" in the Search window after pressing the Windows button.  That brought up the Internet Explorer options window, and I then clicked on the Advanced tab and then clicked Reset settings.  I got a message saying settings had been reset, but IE still wasn't working.

 

I then tried to download and run TFC, but it's not working.  A new tab in Google Chrome opens when I click on the link from this forum, but then nothing else happens -- no download starts, etc.  It just says "about:blank" in the address bar, and the tab is completely blank (I tried clicking on the link from a different computer and it worked fine, and so it's definitely a problem with my infected computer).  When I type the address (oldtimer.geekstogo.com/TFC.exe) directly into the address bar, the tab very briefly changes to "Loading" but then changes back to whatever it was before ("Untitled," "Google," etc.) in less than a second.  I wonder if my inability to click on the TFC link is the same reason I can't attach files to my responses to this forum?

 

Blake


  • Root Admin

Please download TFC from another computer and save to either a CD or USB stick and then copy to the affected computer and run it.

 

Also download a new fresh copy of Combofix and save to CD or USB stick to copy to the affected computer and run it after you run TFC

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 

 


Hello,

I was able to run TFC after downloading the program onto a USB stick drive and it seemed to work fine.

I then re-ran a clean copy of ComboFix that I downloaded onto a USB stick drive, and the log is attached.

 

My Internet Explorer is still not working, and I still can't choose the "Attach File" option on this forum to attach files, and so I guess I'm still having problems with my computer.  Google Chrome seems to be working fine.

 

Any suggestions on how to get IE working again would be much appreciated.  I tried re-setting my IE settings again, but that didn't seem to do any good.  Thank you.


  • Root Admin

Can you try to attach the log again with Chrome.

 

Please save the following file to your computer and run it.

 

windows_repair_aio_setup

 

Let me know if that makes any difference or not.

 

Then run the following antivirus scan.  You should be able to download this to USB and copy to the affected computer if needed.

 


  1. Please download Dr.Web CureIt! antivirus and save it to your computer. The file size is in excess of 100MB
  2. NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  3. Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  4. Shutdown your antivirus to avoid any conflicts while scanning.
  5. Once the scans have completed please re-enable your antivirus.
  6. If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  7. If needed you can also temporarily disable it from starting with Windows
  8. Temporarily turn off any other security add-ons or applications you may also have.
  9. Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  10. If it does not have a Digital Signature then do not run it.
  11. Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  12. You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  13. Click on the Yes button to start the installer.
  14. Click OK to scan your computer in the Enhanced Protection Mode
  15. Click on the check box to agree to participate in their software improvement program.
  16. Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  17. Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  18. Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  19. Then click on the Start scanning button.
  20. If a threat is found you can click on the Action column in the program.
  21. Your options will be Cure or Ignore
  22. If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  23. Then click on the Neutralize button.
  24. Once completed click on the green Open Report link. It will open the report in NOTEPAD
  25. Save the report to your desktop. The report will be called Cureit.log
  26. Close Dr.Web Cureit!
  27. Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  28. After reboot, attach the log Cureit.log you saved previously in your next reply.
  29. Re-Enable your antivirus and other security programs when all done.


 

 

fixupdates.zip
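Steps 9 and 10 above tell the user to check the downloaded tool's Digital Signature in Properties and not to run it otherwise. As an added example (not from the thread and not Dr.Web's code), the same check done from PowerShell so the result can be kept alongside the other logs; the desktop path and the 'Doctor Web' signer substring are assumptions.

```powershell
# Added example, not part of the thread: verify a downloaded tool's Authenticode signature
# before running it, as steps 9 and 10 above describe. Returns a summary object and, with
# -Execute, launches the file only when the signature status is Valid.
# Assumptions: PowerShell 4 or later for Get-FileHash (drop that line on stock Windows 7 PS 2.0);
# the sample path and the expected signer substring are placeholders.

function Test-DownloadedTool {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$ExpectedSigner = @(),   # optional substring(s) the certificate subject must contain
        [switch]$Execute
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "File not found: $Path" }

    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash   # record what was actually run

    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    # Status is Valid only when the file hash matches the embedded signature and the
    # certificate chain is trusted. NotSigned, HashMismatch, NotTrusted etc. all mean "do not run".
    $trusted = ($sig.Status -eq 'Valid')
    if ($trusted -and $ExpectedSigner.Count -gt 0) {
        # A valid signature from the wrong publisher is still the wrong file
        $trusted = [bool]($ExpectedSigner | Where-Object { $subject -like "*$_*" })
    }

    $result = [pscustomobject]@{
        File   = $Path
        SHA256 = $hash
        Status = $sig.Status
        Signer = $subject
        RunOk  = $trusted
    }

    if ($Execute) {
        if ($trusted) { Start-Process -FilePath $Path }
        else          { Write-Warning "Refusing to run $Path (signature status: $($sig.Status), signer: $subject)" }
    }
    $result
}

# Constructed path: wherever the download was saved or copied from the USB stick.
Test-DownloadedTool -Path "$env:USERPROFILE\Desktop\drweb-cureit.exe" -ExpectedSigner 'Doctor Web' | Format-List
```

Add -Execute to the last line once the printed RunOk is True; on a machine that already misbehaves, seeing the status and signer first is the point of the check.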


I tried to install the Windows Repair All in One file (I had to download it on to a USB stick drive on another computer first), but when I went to install it, I got an error message towards the end of the installation process that says "Could not create uninstall shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair (All in One).lnk"

 

I clicked "Ok" and then nothing else happened.

 

I went to the Start menu and found a new folder under Programs called "Tweaking.com," but within that folder, there was only a subfolder called "Windows Repair (All in One)" and then that subfolder was empty.

 

Regardless I went back to Google Chrome and tried to attach the log using the "Choose File" option but it still did not work.

 

Do you want me to go ahead and try to run the Dr. Web Cure It antivirus scan?


  • Root Admin

There won't be a log if no threat is found with Dr Web.

 

I'm going to be on the road with limited access to the board until Tuesday but I will try to check back in if possible.

Please make sure you have an antivirus product installed and running on your computer while I'm away and we'll continue looking at it when I'm back.

 

Thank you


Hi,

My computer is still having the same problems -- Internet Explorer still cannot open, and now I'm also noticing that I can't get sound to work on web sites I visit, even though when I go to the Control Panel and press "Test," the sounds work just fine.  I would appreciate any help!


  • Root Admin

STEP 01
Please right click over Internet Explorer and choose Tools/Internet Options/Advanced and click on the RESET button and close the dialog box.
Then try to start Internet Explorer and see if it works or not.

STEP 02
Please try to download the Tweaking Windows Repair (All In One) tool directly from this link and then copy over to the affected computer and run it.



Windows Repair (All In One) Web Page



Hi,

I was able to reset Internet Explorer, but it still did not work.

 

I then downloaded the Windows Repair program onto a stick drive from another computer and tried to run it on my affected computer.  The installation process seemed to work fine, but right towards the end I got an error message stating that it could not create an uninstall shortcut, and then the program closed out.  When I click on the Windows button to view my programs, I see a folder for "Tweaking.com" and a subfolder called "Windows Repair (All in One)," but the folders are empty, and there are no programs contained in the folders.

 

I tried Internet Explorer again, and it still does not work.  Thanks for your continued help!


  • Root Admin

Can you try running Combofix again and then copy the log file to your USB and then send back to me.  I never did get that log.

 

Delete any current copy on the desk and copy a new one over.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

This topic is now closed to further replies.